Updated example for GitHub

When creating a new C# .NET project in SonarCloud linked to GitHub, the wizard for GitHub Action on step 2 shows a sample build.yml.

This is example looks to be at least two years old, as it uses an old version of the action to setup Java:

      - name: Set up JDK 11
        uses: actions/setup-java@v1
          java-version: 1.11

Immediately after using this GitHub’s Dependabot wants to bump this to version 3, and this brings in several breaking changes, and I now have to choose which distribution of Java I want to use. Zulu OpenJDK as the default in version 1, so I guess this is good to use still? Or are any of these preferred:

  • Eclipse Temurin
  • Zulu OpenJDK
  • Adopt OpenJDK Hotspot
  • Adopt OpenJDK OpenJ9
  • Liberica JDK
  • Microsoft Build of OpenJDK
  • Amazon Corretto Build of OpenJDK

Also the version in your example states version “1.11”, while the newer versions of the Java setup seems to want the version as “11”.

It might be worth mentioning that we are building on Ubuntu, the example only shows for Windows. We are also using SonarCloud for private projects with a paid plan.

I would really appreciate if an up to date example could be presented; here or in the wizard :innocent:

1 Like

Hi @Gakk , welcome to the community!

Thanks a lot for reporting this outdated tutorial.
As a short-term idea, I would suggest testing the v3 with the previous default value.
On my side, I’ll open an internal ticket to update the in-product tutorial, with both a Linux version and an up-to-date version of the setup-java action.


Hi again,

Here is an example of a GitHub Action workflow, using setup-java v3 with Zulu distribution and building on Ubuntu:

name: Build
      - master
    types: [opened, synchronize, reopened]
    name: Build
    runs-on: ubuntu-latest
      - name: Set up JDK 11
        uses: actions/setup-java@v3
          java-version: 11
          distribution: 'zulu'
      - uses: actions/checkout@v2
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
      - name: Cache SonarCloud packages
        uses: actions/cache@v1
          path: ~\sonar\cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar
      - name: Install SonarCloud scanners
        run: |
          dotnet tool install --global dotnet-sonarscanner
      - name: Build and analyze
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          dotnet-sonarscanner begin /k:"YOUR_PROJECT_KEY" /o:"YOUR_ORGANIZATION_KEY" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"
          dotnet build
          dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"

Thanks again for helping us improve our products and user experience,



Thanks Claire, worked like a charm :+1:

As a side note; before you update your tutorial I suggest also updating to newer versions of both checkout and cache actions, so new users won’t start with old versions that GitHub’s Dependabot would bump immediately :nerd_face:

1 Like

Very good point indeed! The ticket is now more generic and mentions using up-to-date versions for all actions.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.